Cisco Patches NX-OS Zero-Day Exploited by Chinese Cyberspies

July 2, 2024 at 05:18AM Cisco has released patches for a zero-day vulnerability, CVE-2024-20399, in its NX-OS software. The medium-severity flaw allows local attackers to execute arbitrary commands with root privileges. Exploited by a China-linked cyberespionage group, the bug impacts various Cisco switch series. Cybersecurity firm Sygnia discovered and reported the vulnerability and advises updating …

Chinese Hackers Leveraged Legacy F5 BIG-IP Appliance for Persistence

June 18, 2024 at 12:36PM A state-sponsored threat actor, Velvet Ant, maintained persistent access to a victim organization’s network for three years using a legacy F5 BIG-IP appliance, deploying various tools and techniques to compromise critical systems and access sensitive data. The cybersecurity firm Sygnia believes they are a China-based threat actor with sophisticated OPSEC …

Hackers use F5 BIG-IP malware to stealthily steal data for years

June 17, 2024 at 01:41PM The group Velvet Ant, believed to be Chinese cyberespionage actors, deployed custom malware on F5 BIG-IP appliances to establish persistent connections and steal data from a company undetected for nearly three years. Sygnia discovered the intrusion, outlining the attack methods and re-infection chain. They also provided defense recommendations to counter …

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

March 22, 2024 at 08:33AM A China-linked threat group utilized security flaws in Connectwise ScreenConnect and F5 BIG-IP to distribute custom malware for creating backdoors on compromised Linux hosts. The group, tracked as UNC5174, has targeted various organizations, including research institutions and government entities in the U.S. and U.K. They have also been observed trying …

Fake F5 BIG-IP zero-day warning emails push data wipers

December 20, 2023 at 04:59PM Israel National Cyber Directorate warns of phishing emails posing as F5 BIG-IP zero-day security updates, deploying data wipers for Windows and Linux. Israeli organizations targeted by pro-Palestinian and Iranian hacktivists since October. New phishing attack delivers data wipers through fake F5 update emails. Wipers communicate with a Telegram channel, posing …

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

October 27, 2023 at 11:17AM A critical vulnerability, CVE-2023-46747, has been discovered in the F5 BIG-IP configuration utility. It allows unauthenticated remote code execution by attackers with remote access to the utility. The vulnerability has a CVSS v3.1 score of 9.8. Devices with the Traffic Management User Interface exposed to the internet are at risk. …